Hackers Show How to Attack a 'Smart' Vibrator at Def Con

LAS VEGAS — A team at the Def Con hacking conference last week showed off how to attack the We Vibe 4 Plus, a Bluetooth-enabled couple's vibrator that can be controlled by a smartphone app.

The Australian duo of Goldfisk and Follower pair spoke to Def Con attendees and showed off their hacking at a seminar titled, “Breaking the Internet of Vibrating Things: What We Learned Reverse Enginerring Bluetooh and Internet-Enabled Adult Toys.”

At the conference, the pair managed to decipher Bluetooth command strings and manipulated the We Vibe using a desktop computer, according to a report in The Daily Dot.

Goldfisk and Follower hit the We Vibe’s Texas Instruments CC2541 processor with its 2.4ghz Bluetooth chip, exploiting the lack of a certificate to collect information transmitted between the U-shaped vibrator and the app.

"As teledildonics come into the mainstream, human sexual pleasure has become connected with the concerns of privacy and security already familiar to those who previously only wanted to turn on their lights, rather than their lover," Goldfisk and Follower explained in the description of their presentation at Def Con, where they had planned to release the "Weevil" suite of tools to enable users to simulate and control We Vibe-compatible vibrators.

"Do you care if someone else knows if you or your lover is wearing a remote control vibrator? Do you care if the manufacturer is tracking your activity, sexual health and to whom you give control? How do you really know who is making you squirm with pleasure? And what happens when your government decides your sex toy is an aid to political dissidents?"

Goldfisk and Follower said they found that the Standard Innovation Corp., makers of the We Vibe, collect gobs of masturbatory data when the device is used, including which of the 10 vibration modes users pick and the temperature of the device.

Upon comment to the Daily Dot, Frank Ferrari, president of Standard Innovation, later clarified that "[t]emperature data is collected purely for hardware diagnostic purposes” and isn't precise enough to collect data that can determine which orifice into which a user has inserted the device.

"The temperature is measured through a thermometer in the Texas Instruments chip itself," Ferrari said. "Many factors can affect the temperature of the chip. However, any changes in the temperature are not significant or noticeable enough to indicate the location of the product."